Many signals derived from real-world systems exhibit anomalous behaviors, such as sudden and unexpected changes in the signal. It is often desirable to detect these anomalies so that they may be characterized. Amplitude-based anomaly detection is based on identifying samples in a signal with low likelihood values. In amplitude-based processes, “soft computing” methods may be used, such as computing a likelihood value for each sample in a signal. In an example, these likelihood values are compared to a threshold likelihood value. The likelihood value may be computed based on an estimate of the probability distribution of a signal. Samples with low likelihood values may then be identified as anomalies because, based on the signal's probability distribution, these samples are unlikely to occur. However, amplitude-based anomaly detection has several disadvantages, such as being susceptible to long-term trends and cyclic patterns in the signal. In addition, amplitude-based anomaly detection methods are susceptible to high false alarm rates.
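The amplitude-based process described above can be sketched as follows. This is an added example, not part of the original text: it estimates the amplitude distribution with a histogram, flags samples whose likelihood falls below a threshold, and shows one way a long-term trend defeats the method, since the same spike that is flagged in a stationary signal is missed once a slow drift widens the distribution. The signal values, the 16-bin histogram, the 0.02 threshold and all function names are assumptions chosen for illustration.

```python
# Added illustration; signals, bin count and threshold are constructed/assumed.
PATTERN = [10, 11, 9, 10, 12, 10, 8, 10, 11, 9]   # constructed "normal" cycle
SPIKE_AT, SPIKE_SIZE = 57, 30                      # constructed anomaly


def make_signal(n=200, drift_every=None):
    """Repeat PATTERN; optionally add a slow upward trend; inject one spike."""
    sig = []
    for i in range(n):
        trend = i // drift_every if drift_every else 0
        sig.append(PATTERN[i % len(PATTERN)] + trend)
    sig[SPIKE_AT] += SPIKE_SIZE
    return sig


def likelihoods(signal, bins=16):
    """Histogram estimate of the amplitude distribution, then the
    estimated probability of the bin each sample falls into."""
    lo, hi = min(signal), max(signal)
    width = (hi - lo) / bins or 1.0          # guard against a constant signal
    index = [min(int((x - lo) / width), bins - 1) for x in signal]
    counts = [0] * bins
    for b in index:
        counts[b] += 1
    return [counts[b] / len(signal) for b in index]


def detect(signal, threshold=0.02, bins=16):
    """Indices of samples whose likelihood is below the threshold."""
    return [i for i, p in enumerate(likelihoods(signal, bins)) if p < threshold]


if __name__ == "__main__":
    flat = make_signal()                  # stationary: spike is the only rare amplitude
    trended = make_signal(drift_every=4)  # drift makes the spike's amplitude common
    print("stationary signal:", detect(flat))
    print("trended signal   :", detect(trended))
```

In the trended signal the spike at index 57 reaches an amplitude that the drift later makes ordinary, so its estimated likelihood is well above the threshold even though it is abnormal relative to its neighbors.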
Anomaly detection is particularly suitable for applications in network management. In particular, identification of anomalies is especially useful for ensuring the efficiency and security of computer networks. For example, anomaly detection may be used to identify times and locations of suspicious traffic, such as network attacks, which adversely affect network operation by taking up bandwidth, resulting in reduced quality of service. Thus, network administrators need to proactively identify anomalies in order to avoid or prevent attacks. It is therefore important for managers of successful networks to accurately identify anomalies in network traffic patterns with low false alarm rates.
Systems and methods to accurately detect anomalies would therefore be of great benefit in data analysis.